Bugtraq ID: 75999
Class: Input Validation Error
CVE: CVE-2015-1331
Remote: No
Local: Yes
Author: Roman Fiedler (Austrian Institute of Technology)
SUMMARY
An attacker can use readily available commands and tools to exploit this issue.
VULNERABILITY DESCRIPTION
LXC is prone to a local directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
A local attacker could exploit this vulnerability using directory-traversal characters (‘../’) to arbitrary file as the root user.
VULNERABLE VERSIONS
- Debian Linux 6.0 sparc
- Debian Linux 6.0 s/390
- Debian Linux 6.0 powerpc
- Debian Linux 6.0 mips
- Debian Linux 6.0 ia-64
- Debian Linux 6.0 ia-32
- Debian Linux 6.0 arm
- Debian Linux 6.0 amd64
MITIGATION
Updates are available. Please see the references or vendor advisory for more information.